---
title: 'Server Configuration'
---
The server is configured by a YAML configuration file. The easiest way to start is by generating it with the CLI or by 
downloading a sample configuration file, and then tweaking it to fit your needs.

## Configuration Reference

### Network Configuration

```yaml
listen_addr: 0.0.0.0:8900
state_store_path: /tmp/indexify/state
blob_storage:
  backend: disk
  disk:
    path: /tmp/indexify/blobs
```

- **listen_addr:** The interface on which the servers listens on. Typically you would want to listen on all interfaces.
- **state_store_path:** Path where the state store is stored. This is where the state of the graph is stored. This is needed for resuming the graph from where it left off in case of a failure.
- **blob_storage:** Configuration for storing blobs. Blobs are raw bytes of data that are stored in the system. This is used for storing intermediate data between functions.

### Blob Storage Configuration

Blob storage is used to store the output of functions.

We support two forms of blob storage at the moment - Disk and S3 Storage.

#### Disk

```yaml
blob_storage:
  backend: disk
  disk:
    path: /tmp/indexify-blob-storage
```

#### S3 Storage

For S3 Storage, you'll need to also ensure you have the two following environment variables configured. Once you've configured these environment variables, our S3 integration will take care of the rest

- `AWS_ACCESS_KEY_ID`
- `AWS_SECRET_ACCESS_KEY`

```yaml
blob_storage:
  backend: s3
  s3:
    bucket: indexifydata
    region: us-east-1
```

{/* ### Server TLS

To set up mTLS for the indexify server, you first need to create a root certificate along with a client certificate and key pair along with a server certificate and key pair. The commands below will generate the certificates and keys and store them in a folder called `.dev-tls`.

```
local-dev-tls-insecure: ## Generate local development TLS certificates (insecure)
	@mkdir -p .dev-tls && \
	openssl req -x509 -newkey rsa:4096 -keyout .dev-tls/ca.key -out .dev-tls/ca.crt -days 365 -nodes -subj "/C=US/ST=TestState/L=TestLocale/O=IndexifyOSS/CN=localhost" && \
	openssl req -new -newkey rsa:4096 -keyout .dev-tls/server.key -out .dev-tls/server.csr -nodes -config ./client_cert_config && \
	openssl x509 -req -in .dev-tls/server.csr -CA .dev-tls/ca.crt -CAkey .dev-tls/ca.key -CAcreateserial -out .dev-tls/server.crt -days 365 -extensions v3_ca -extfile ./client_cert_config && \
	openssl req -new -nodes -out .dev-tls/client.csr -newkey rsa:2048 -keyout .dev-tls/client.key -config ./client_cert_config && \
	openssl x509 -req -in .dev-tls/client.csr -CA .dev-tls/ca.crt -CAkey .dev-tls/ca.key -CAcreateserial -out .dev-tls/client.crt -days 365 -extfile ./client_cert_config -extensions v3_ca
```

Once you have the certificates and keys generated, add the config below to your server config and provide the paths to where you have stored the root certificate and the server certificate and key pair.

```yaml
tls:
  api: true
  ca_file: .dev-tls/ca.crt        # Path to the CA certificate
  cert_file: .dev-tls/server.crt  # Path to the server certificate
  key_file: .dev-tls/server.key   # Path to the server private key
```

### HA configuration

To run multiple coordinators in a high availability configuration, you'll want
to have a way for them to discover themselves. Set `seed_node` to the address
that can be used for this. Note that the only requirement is that the returned
node is "ready" as defined by `localhost:8960/status`. For dynamic environments,
put a load balancer in front of all coordinator nodes and enable/disable their
endpoints based off the status of the raft cluster.

Note: it is important that *one* of the nodes is started with
`--initialize` the first time the cluster is started. This provides an
initial leader to form the cluster around. You'll likely want to no longer use
this flag after the cluster is formed.

```yaml
raft_port: 8970
node_id: 0
seed_node: my-dicovery-address:8970
``` */}
